[Samba] two subnets, one domain, several DCs?

[Paul Gienger]

The situation I've got is that I want to make one domain, and then use 
it on several different subnets.  I have 3 subnets, 10.1.x.x, 10.2 and 
10.3, all physically remote, but connected by a frees/wan tunnel that is 
working just fine.  We also have working LDAP logins and all that is 
fine.   I have gotten as far as getting my domain going on LDAP within 
one subnet, but now I'm trying to add the second one. 

I've got a second box on the remote subnet that can get connected to 
ldap, and authenticate users just fine, i.e. I can browse to it from 
wherever I need to come from, off of a machine that is connected to the 
server on subnet 1.  The problem arises when I try to join the domain 
from the second subnet.  I am entirely unclear on what configuration I 
need on the second box to make the domain join work.  I tried once with 
the same smb.conf from the first machine, at which point I could get 
joined just fine, but could not log in.  Now I have machine 2 in more of 
a non-master setup, basically just a domain master = no, and I can't get 
joined at all.  The smb.conf  of the 'master' is attached to the end of 
this post.

I've seen in the archives several people claiming that this is possible, 
but never giving any direction as to what to try.  I also remember 
seeing something about using seperate domains, but then sharing the LDAP 
data storage.  Would this be done by just changing the SID of all the 
domains to match?  Which of the two is a more reliable solution?  I'd 
lean toward the former, but I'm open to suggestions.

[global]
       workgroup = AE3
       server string =
       passdb backend = ldapsam:ldap://ldap1.fargo.ae-solutions.com
       pam password change = Yes
       log level = 2
       log file = /var/log/samba/log.%m
       max log size = 50
       add group script = /usr/local/sbin/smbldap-groupadd -p
       add user to group script = /usr/local/sbin/smbldap-groupmod -m
       delete user from group script = /usr/local/sbin/smbldap-groupmod -x
       set primary group script = /usr/local/sbin/smbldap-usermod -g
       add machine script = /usr/local/sbin/smbldap-useradd -w
       logon script = logon.cmd
       logon path = \\fgoserv\profiles\%U
       logon drive = H:
       logon home = \\fgoserv\%U
       domain logons = Yes
       dns proxy = No
       wins support = Yes
       ldap suffix = dc=ae-solutions,dc=com
       ldap machine suffix = ou=Computers
       ldap user suffix = ou=People
       ldap group suffix = ou=Group
       ldap admin dn = cn=Manager,dc=ae-solutions,dc=com
       ldap ssl = no
       ldap passwd sync = Yes
--
Paul Gienger                     Office:                701-281-1884
Applied Engineering Inc.         Cell:                  701-306-6254
Information Systems Consultant   Fax:                   701-281-1322
URL: www.ae-solutions.com        mailto:[EMAIL PROTECTED]
--
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba